One Week Only! Get an iPad Air with Smart Keyboard, Surface Go, or $300 Off with OnDemand or vLive Training!


To attend this webcast, login to your SANS Account or create your Account.

Who Owns ICS Security? Fusing IT, OT, & IIoT Security in the Corporate SOC.

  • Thursday, December 14th, 2017 at 1:00 PM EST (18:00:00 UTC)
  • Doug Wylie and Phil Neray
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • CyberX

You can now attend the webcast using your mobile device!


When targeted ICS attacks and malware impact production operations, everyone in the organization is affected. Downtime leads to customer dissatisfaction, reduced revenue, quarterly losses due to clean-up costs, fewer career opportunities from slower growth, and more.

ICS security has historically operated in its own silo. With its unique priorities (Safety and Availability vs. Confidentiality, etc.), lack of visibility into non-IT devices and protocols, and the notion of air-gapping, this seemed like the optimum approach.

But the world has changed dramatically. IIoT technology brings many benefits to businesses such as smart machines and real-time intelligence from the factory floor - but it also increases the attack surface and requires continuous connectivity between IT and OT.

Attackers look for the weakest links - and don't care if they pivot from a control engineer's PC on the corporate IT network, an HMI maintained by a third-party vendor whose credentials have been compromised, or a vulnerable CCTV device operated by the physical security team.

In this educational webinar led by Doug Wylie, SANS Director of the Industrials & Infrastructure practice area and previously Director of Product Security and Risk Management at Rockwell Automation, with Phil Neray, VP of Industrial Cybersecurity at CyberX, we'll explore the following questions:

  • Blending IT, OT and IIoT Security in the Corporate SOC: Given the massive investment organizations have already made in centralized SOCs - in trained personnel, standardized workflows, and unifying technologies such as SIEMs - is it time to bring ICS security into the corporate SOC?
  • Addressing the culture gap: How do we encourage tighter collaboration between IT security and OT teams?
  • Funding models: Who pays for stronger ICS security?
  • New technologies for Active Cyber Defense: With varying degrees of maturity, purpose-built OT security platforms now provide unprecedented visibility into ICS protocols, devices, and applications, combined with OT-specific analytics for behavioral anomaly detection. So how do we move beyond simple Syslog alerts to provide deeper visibility for SOC analysts - so they can leverage their skills in modern active cyber defense strategies such as threat modeling, threat hunting, and threat intelligence?

Speaker Bios

Doug Wylie

Doug Wylie directs the SANS Industrials and Infrastructure business portfolio, helping companies fulfill business objectives to manage security risks and develop a security-effective workforce.†His lengthy career spans a wide array of industries. He served as Rockwell Automationís director of product security risk management, where he founded and led its industrial cybersecurity and risk management program. Doug works around the world with companies, industry and standards bodies, and government entities to help safeguard converged IT-OT systems from contemporary cybersecurity threats.†He holds the CISSP certification and numerous patents, as well as being an accomplished writer, speaker and presenter.

Phil Neray

Phil is the VP of Industrial Cybersecurity for CyberX, whose notable customers include 2 of the top 5 US energy providers; a top 5 US chemical company; a top 5 global pharmaceutical company; and national electric and gas utilities across Europe and Asia-Pacific. Prior to CyberX, Phil held executive roles at IBM Security/Q1 Labs, Symantec, Veracode, and Guardium. Phil began his career as a Schlumberger engineer on oil rigs in South America and as an engineer with Hydro-Quebec. He has a BSEE from McGill University, is certified in cloud security (CCSK), and has a 1st Degree Black Belt in American Jiu Jitsu.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.